On Tue, 18 Feb 2003, Kee Hinckley wrote: > > One theory I've heard on this is that the script kiddies are using > spam for DoS attacks under the (probably correct) assumption that if > you report it to the relevant authorities they will dismiss it as > "just being spam." This was from someone who had in fact tried to > report such a DoS attack and received just that response. I phoned CERT and they said pretty much the same thing, but for all intents and purposes spam pretty much stops becoming spam when it becomes a denial of service. It seems that there are very few people out there who have seen this but I'm sure it's not far off from becoming more prevalent. After we got the situation under control we took a look at the data and found that we are the victim of a dictionary attack. Basically this guy is hitting us using a huge list of users. Some are random, but others look like they may have been culled from another victim site. After getting lots of great advice from members on this list, we have implemented RBL. Thousands of messages are now being refused and the mail relays are staying up. Thanks to all for your assistance. Regards, .Sarah ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 11:38:22 PST